You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1. Review consolidated use cases for token exchange
Yaroslav: The proposal is to to condense broad set of business use cases into generic short list of use cases based on techical aspects.
New version of use cases on top of [the document](https://docs.google.com/document/d/1TTVNV4gpTcFnMIFzwCU_JKAWSAD8Jo7QjjCXCeDbqZ0/edit?pli=1)
Andrii: Should we consider workload authentication and different types of credentials? (K8s SA, X.509, SVID, etc.)
Dmitry, Yaroslav: Suggestion to consider workload attestation as out of scope, context for token exchange.
Andrii: We need to focus on OAuth centric token exchange mechanism, probably an extension of OAuth specification.
Yaroslav: Disagree on this approach as some discussed target tokens are derived from OAuth and some completely independent so we may consider OAuth as a foundational specification but do not limit to compatible only token formats.
Andrii, Dmitry: Open question about OAuth centric or not OAuth centric token exchange. Should we make a call or present several options for broad discussion?
